package sso.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;
import sso.util.WebUtils;
import java.util.HashMap;
import java.util.Map;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        super.configure(http);
        http.cors().disable();

        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler());
        http.authorizeRequests().anyRequest().permitAll();

    }

    public AccessDeniedHandler accessDeniedHandler(){
        return (httpServletRequest,httpServletResponse,e) ->{
            Map<String,Object> map = new HashMap<>();
            map.put("state", 403);
            map.put("msg", "X﹏X 访问权限不足啊，小老弟");
            WebUtils.writeJson2Client(httpServletResponse, map);
        };
    }
}
